Google Redirect and Browser Setting Hijacker [Solved]

#16
Posted 16 April 2014 - 12:36 PM

I am getting my next fix approved. It may take a while. Thank you for your patience.
#17
Posted 16 April 2014 - 12:39 PM

No problem....appreciate the assistance...just wished to make sure I was not on the hook for anything...!
Edited by t5403cg, 16 April 2014 - 12:56 PM.
#18
Posted 16 April 2014 - 07:44 PM

- Step 1
Download 'RogueKiller by Tigzy' and save it to your desktop.
- Ensure all programs and windows are closed before proceeding.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Wait for its initial scan to complete.
- Accept its EULA.
- Click the Scan button after.
- Once the scan has finished, click the Delete button.
- Click Report--a log will pop up shortly.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- The log will also be made available in the same location as RogueKiller, called RKreport[N]_D_MMDDYYYY_HHMMSS.txt.
- Step 2
Download 'ESET Services Repair by ESET' and save it to your desktop.
- Double-click the file. It will ask for administrator privileges. Allow it by clicking Yes.
- You will be asked to confirm. Press Yes to continue.
- Once done, you will be asked to reboot. Press Yes once more.
- Step 3
If you haven't already, download 'OTL by OldTimer' and save it to your desktop, or move your existing copy into the said location.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Copy and paste the following into the Custom Scans/Fixes box:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
- Click Run Scan.
- Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
- Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- RKreport[N]_D_MMDDYYYY_HHMMSS.txt (RogueKiller)
- Extras.txt (OTL)
- OTL.txt (OTL)
#19
Posted 17 April 2014 - 03:43 AM

RogueKiller Log:
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : t5403cg [Admin rights]
Mode : Remove -- Date : 04/17/2014 05:43:41
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : OTL ("C:\Users\t5403cg\Desktop\Maleware\OTL.exe" [-]) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (\\?\globalroot\Device\HarddiskVolume1\Users\t5403cg\AppData\Local\Temp\syncsvb\sxynbvq\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] At1.job : C:\Users\t5403cg\AppData\Local\Temp\hisadconf.exe - -delete >> nul [x] -> DELETED
[V2][SUSP PATH] At1 : C:\Users\t5403cg\AppData\Local\Temp\hisadconf.exe - -delete >> nul [x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DF38)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B741)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718476AF)
[Address] EAT @iexplore.exe (BufferedPaintClear) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182BBDB)
[Address] EAT @iexplore.exe (BufferedPaintInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182B8D4)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DE83)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CE19)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E428)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837525)
[Address] EAT @iexplore.exe (CloseThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71821FA1)
[Address] EAT @iexplore.exe (DrawThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182D464)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183436D)
[Address] EAT @iexplore.exe (DrawThemeEdge) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C01C)
[Address] EAT @iexplore.exe (DrawThemeIcon) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184D123)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E776)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E5C5)
[Address] EAT @iexplore.exe (DrawThemeText) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DB21)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182A70C)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183786D)
[Address] EAT @iexplore.exe (EnableTheming) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C9FF)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndBufferedPaint) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182ACE8)
[Address] EAT @iexplore.exe (EndPanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184762C)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182CF26)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CDCF)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CD86)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C893)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718363AE)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182EBD6)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182DA9E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837155)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830190)
[Address] EAT @iexplore.exe (GetThemeBitmap) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824B9C)
[Address] EAT @iexplore.exe (GetThemeBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71826651)
[Address] EAT @iexplore.exe (GetThemeColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C346)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeFilename) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B997)
[Address] EAT @iexplore.exe (GetThemeFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718376A2)
[Address] EAT @iexplore.exe (GetThemeInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718227C0)
[Address] EAT @iexplore.exe (GetThemeIntList) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B86E)
[Address] EAT @iexplore.exe (GetThemeMargins) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71822F97)
[Address] EAT @iexplore.exe (GetThemeMetric) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718355B4)
[Address] EAT @iexplore.exe (GetThemePartSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182289F)
[Address] EAT @iexplore.exe (GetThemePosition) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B80D)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71830923)
[Address] EAT @iexplore.exe (GetThemeRect) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B936)
[Address] EAT @iexplore.exe (GetThemeStream) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B8CF)
[Address] EAT @iexplore.exe (GetThemeString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184B7A1)
[Address] EAT @iexplore.exe (GetThemeSysBool) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB86)
[Address] EAT @iexplore.exe (GetThemeSysColor) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71835530)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CA32)
[Address] EAT @iexplore.exe (GetThemeSysFont) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C3D8)
[Address] EAT @iexplore.exe (GetThemeSysInt) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C5E7)
[Address] EAT @iexplore.exe (GetThemeSysSize) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CC61)
[Address] EAT @iexplore.exe (GetThemeSysString) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184C553)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718289FE)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183778C)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182E1A1)
[Address] EAT @iexplore.exe (GetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7183535B)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71832DC1)
[Address] EAT @iexplore.exe (IsAppThemed) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837009)
[Address] EAT @iexplore.exe (IsCompositionActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718265DF)
[Address] EAT @iexplore.exe (IsThemeActive) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71836F36)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7182281C)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CB3F)
[Address] EAT @iexplore.exe (IsThemePartDefined) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718230CF)
[Address] EAT @iexplore.exe (OpenThemeData) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71825F29)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718306FE)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x7184CCEC)
[Address] EAT @iexplore.exe (SetWindowTheme) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71837AFC)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71829E39)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x71824571)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : SDXML.dll -> HOOKED (C:\Windows\SysWOW64\uxtheme.dll @ 0x718475ED)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEKT-08PVMT1 +++++
--- User ---
[MBR] 2b3e75cade1d0b4ecd8d1dc108f0a7ff
[BSP] 690a7c17ddc09714d5cee3f12f1c9dad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
Error reading LL1 MBR! ([0x1] Incorrect function. )
User != LL2 ... KO!
--- LL2 ---
[MBR] bba47f050e4e5b3420cf305212aa0feb
[BSP] af9eb0b34d8dbf75e1d170dae7bf74e8 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
Finished : << RKreport[0]_D_04172014_054341.txt >>
RKreport[0]_S_04162014_130250.txt;RKreport[0]_S_04172014_054333.txt
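The report above shows the kind of findings a helper reads off a RogueKiller log: entries tagged SUSP PATH, an InprocServer32 handler redirected from shell32.dll to a DLL under the user's Temp folder via a \\?\globalroot device path, a scheduled task launching from Temp, and a "User != LL2 ... KO!" verdict on the MBR check. The following is an added example, not code from the thread or from RogueKiller: a small Python triage helper that parses lines in that report format (`[TAG][TAG] key : value -> ACTION (new value)`), flags entries whose path points at a user Temp directory or uses a globalroot device path, and records whether the user-mode and low-level MBR reads disagreed. The sample input is constructed from a few of the lines posted above; the path heuristics are this example's own, not the tool's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the RogueKiller report layout, taken in shape from the
# lines posted in the thread (a subset is enough to exercise the parser).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : OTL ("C:\Users\t5403cg\Desktop\Maleware\OTL.exe" [-]) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (\\?\globalroot\Device\HarddiskVolume1\Users\t5403cg\AppData\Local\Temp\syncsvb\sxynbvq\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] At1.job : C:\Users\t5403cg\AppData\Local\Temp\hisadconf.exe - -delete >> nul [x] -> DELETED
¤¤¤ MBR Check: ¤¤¤
[MBR] 2b3e75cade1d0b4ecd8d1dc108f0a7ff
User != LL2 ... KO!
"""

# One report entry: leading bracketed tags, the key/value body, the action the
# tool took, and (for REPLACED) the value it restored.
ENTRY_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.+?)\s+->\s+'
    r'(?P<action>[A-Z]+)(?:\s+\((?P<new>.*)\))?\s*$'
)
# Heuristics chosen for this example: code loaded from a per-user Temp folder,
# or referenced through a \\?\globalroot device path (which hides the drive
# letter from casual inspection), deserves analyst attention.
TEMP_PATH_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
GLOBALROOT_RE = re.compile(r'\\\\\?\\globalroot\\', re.IGNORECASE)


@dataclass
class Finding:
    tags: List[str]
    body: str
    action: str
    replacement: Optional[str]
    reasons: List[str] = field(default_factory=list)


def assess(tags: List[str], body: str) -> List[str]:
    """Return the reasons (possibly none) this entry should be reviewed."""
    reasons = []
    if 'SUSP PATH' in tags:
        # The tool's own heuristic; it also fires on the helper's OTL.exe run
        # from the desktop, so it is a prompt to look, not a verdict.
        reasons.append('tool tagged the path as suspicious')
    if TEMP_PATH_RE.search(body):
        reasons.append('references a file under the user Temp directory')
    if GLOBALROOT_RE.search(body):
        reasons.append('uses a \\\\?\\globalroot device path')
    return reasons


def parse_report(text: str) -> dict:
    """Parse report lines into Findings and note an MBR user/low-level mismatch."""
    findings: List[Finding] = []
    mbr_mismatch = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('¤¤¤'):
            continue  # section header or blank
        if line.startswith('User !=') and line.endswith('KO!'):
            mbr_mismatch = True  # user-mode and LL2 reads of the MBR disagree
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # hash lines, partition tables, etc. are not entries
        tags = re.findall(r'\[([^\]]+)\]', m.group('tags'))
        body = m.group('body')
        findings.append(Finding(tags, body, m.group('action'),
                                m.group('new'), assess(tags, body)))
    return {'findings': findings, 'mbr_mismatch': mbr_mismatch}


def triage(report: dict) -> List[Finding]:
    """Flagged findings, most reasons first, for the analyst to review."""
    flagged = [f for f in report['findings'] if f.reasons]
    return sorted(flagged, key=lambda f: len(f.reasons), reverse=True)


if __name__ == '__main__':
    result = parse_report(SAMPLE_REPORT)
    for f in triage(result):
        print(f"{'/'.join(f.tags)}: {f.body}")
        print(f"  action={f.action} restored={f.replacement}")
        for r in f.reasons:
            print(f"  - {r}")
    if result['mbr_mismatch']:
        print('MBR: user-mode and low-level reads differ; treat as unresolved')
```

The parser deliberately keeps the tool's tags separate from the example's own reasons, so an entry like the OTL RunOnce key (flagged SUSP PATH only because it ran from the desktop) sorts below the InprocServer32 hijack, which trips all three checks.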
#20
Posted 17 April 2014 - 04:13 AM

OTL Log:
OTL logfile created on: 4/17/2014 6:09:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t5403cg\Desktop\Maleware
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.89 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.90% Memory free
7.77 Gb Paging File | 6.06 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 90.71 Gb Free Space | 60.86% Space Free | Partition Type: NTFS
Computer Name: CID-TDENZL403CG | User Name: T5403CG | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/16 07:22:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t5403cg\Desktop\Maleware\OTL.exe
PRC - [2014/03/07 00:44:22 | 010,311,968 | ---- | M] (Tanium Inc.) -- C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/12/18 12:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/09/12 13:15:58 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/09/12 13:15:44 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/09/12 13:15:36 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/09/06 08:49:57 | 001,375,064 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2011/09/06 08:49:19 | 000,214,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2011/07/21 16:02:00 | 000,288,096 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files (x86)\Lumension\Patch Agent\NotificationManager.exe
PRC - [2011/07/21 16:01:14 | 000,095,584 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe
PRC - [2011/04/28 23:46:34 | 003,411,968 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2011/01/06 11:57:26 | 000,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2011/01/06 11:56:06 | 001,104,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/07/25 14:33:30 | 002,184,264 | ---- | M] (Winmagic Inc.) -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDPin.exe
PRC - [2010/07/25 14:33:30 | 000,693,320 | ---- | M] (WinMagic Inc.) -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDService.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/23 11:59:24 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/23 11:59:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/23 11:59:05 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/23 11:58:56 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/23 11:58:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/19 07:14:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/19 07:13:45 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/19 07:13:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/15 08:59:51 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/12 14:21:49 | 000,091,488 | ---- | M] () -- C:\Windows\assembly\GAC_32\Agent.ProtVista\7.0.0.551__dadec3a2d57dc0c0\Agent.ProtVista.dll
MOD - [2011/07/21 16:01:54 | 000,091,488 | ---- | M] () -- C:\Program Files (x86)\Lumension\Patch Agent\Content.Common.dll
MOD - [2010/12/07 15:14:36 | 000,297,520 | ---- | M] () -- C:\Program Files\Manufacturer\Endpoint Agent\prntm.dll
MOD - [2010/12/07 15:14:34 | 000,297,008 | ---- | M] () -- C:\Program Files\Manufacturer\Endpoint Agent\iexpm.dll
MOD - [2010/07/25 14:33:28 | 000,018,504 | ---- | M] () -- C:\Windows\SysWOW64\SDXML.dll
MOD - [2010/07/25 14:33:26 | 000,051,784 | ---- | M] () -- C:\Windows\SysWOW64\SDMigrate.dll
MOD - [2010/07/25 14:33:24 | 000,536,136 | ---- | M] () -- C:\Windows\SysWOW64\sdck.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/10/24 07:19:16 | 000,543,016 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2013/07/15 07:18:23 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/07/12 14:18:13 | 000,350,024 | ---- | M] (Lumension Security, Inc.) [Auto | Running] -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe -- (LEMSS Agent)
SRV:64bit: - [2013/03/06 17:32:12 | 001,598,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\enstart64.exe -- (enstart64)
SRV:64bit: - [2012/04/05 19:48:54 | 000,158,208 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2010/12/07 15:14:00 | 000,302,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Manufacturer\Endpoint Agent\wdp.exe -- (WDP)
SRV:64bit: - [2010/12/07 15:13:58 | 000,346,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Manufacturer\Endpoint Agent\edpa.exe -- (EDPA)
SRV:64bit: - [2010/11/12 01:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/07 00:44:22 | 010,311,968 | ---- | M] (Tanium Inc.) [Auto | Running] -- C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe -- (Tanium Client)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/04/10 08:13:51 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\900\g2aservice.exe -- (GoToAssist)
SRV - [2013/03/08 21:38:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/25 06:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/09/12 13:16:02 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/09/12 13:15:50 | 000,428,960 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/09/12 13:15:48 | 003,250,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/09/12 13:15:44 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/09/06 09:08:01 | 000,620,376 | ---- | M] (Altiris, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2011/09/06 08:49:57 | 001,375,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2011/07/21 16:01:14 | 000,095,584 | ---- | M] (Lumension Security, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe -- (Patch Agent)
SRV - [2011/04/28 23:46:34 | 003,411,968 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/04/08 11:00:16 | 000,236,392 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files (x86)\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe -- (ConfigService)
SRV - [2011/01/20 00:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2011/01/06 11:56:06 | 001,104,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/07/25 14:33:30 | 000,693,320 | ---- | M] (WinMagic Inc.) [Auto | Running] -- C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDService.exe -- (WinMagic SecureDoc Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/10/24 00:59:08 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/10/24 00:59:08 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/10/24 00:59:08 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/10/24 00:59:08 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/09/10 16:40:10 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/07/12 14:17:53 | 000,084,080 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eps.sys -- (EPS)
DRV:64bit: - [2013/03/20 14:15:21 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/03/06 23:29:00 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2013/03/06 17:32:12 | 000,075,392 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\enstart64_.sys -- (enstart64_)
DRV:64bit: - [2011/09/12 13:16:10 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/09/12 13:16:04 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/09/12 13:16:04 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/09/12 13:16:04 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/09/12 13:15:52 | 000,064,152 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2010/12/20 16:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/20 08:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 16:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 16:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/16 00:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/15 19:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/14 19:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/07 15:14:28 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtam.sys -- (vrtam)
DRV:64bit: - [2010/12/07 15:14:26 | 000,058,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdifd11.sys -- (tdifd11)
DRV:64bit: - [2010/12/07 15:14:24 | 000,065,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfsmfd.sys -- (vfsmfd)
DRV:64bit: - [2010/12/07 15:14:24 | 000,055,344 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SFsCtrx.sys -- (SFsCtrx)
DRV:64bit: - [2010/12/03 13:56:26 | 000,167,680 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/11/22 22:50:12 | 001,567,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/12 01:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 06:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/18 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 07:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/20 18:36:28 | 000,114,688 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDToki.sys -- (SDDToki)
DRV:64bit: - [2010/01/20 13:19:22 | 000,139,776 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDisk2K.sys -- (SDDisk2K)
DRV:64bit: - [2009/09/28 13:54:00 | 000,021,504 | ---- | M] (WinMagic, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PinFile.sys -- (PinFile)
DRV:64bit: - [2009/09/25 17:59:14 | 000,070,656 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDDVD.sys -- (SDDVD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 16:04:26 | 000,020,992 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SDUPC.sys -- (SDUPC)
DRV - [2013/11/21 08:06:18 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 08:06:18 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/29 07:44:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140415.025\ex64.sys -- (NAVEX15)
DRV - [2013/08/29 07:44:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140415.025\eng64.sys -- (NAVENG)
DRV - [2011/09/12 13:16:04 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/09/12 13:16:04 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/09/12 13:16:04 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2010/11/29 17:46:32 | 000,084,080 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\eps.sys -- (EPS)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.newyorklife.com/
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = njproxy:80
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\t5403cg\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
[2014/04/15 19:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O1 HOSTS File: ([2014/04/16 12:46:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartSecurDoc] C:\Program Files (x86)\WinMagic\SecureDoc-NT\SDPin.exe (Winmagic Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Scheduled Tasks
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Users and Passwords
O7 - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9:64bit: - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program FilesPersonal\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2013\spy.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A6CA29DD-AD4A-4891-A8CC-C2B88741CF4A} http://onlinebudget..../CPMActiveX.CAB (CPMActiveX.CBWX)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://newyorklife....ng/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.nt.newyorklife.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCA90B7-B2F9-414C-8CC0-1BFDB1BDA465}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D47835FD-A7B7-426A-9496-7159A0B45C08}: Domain = newyorklife.com
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (AMINIT64.DLL) - C:\Windows\SysNative\AMInit64.dll (Altiris, Inc.)
O20 - AppInit_DLLs: (aminit32.dll) - C:\Windows\SysWow64\Aminit32.dll (Altiris, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\900\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\900\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/04/17 05:46:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2014/04/16 13:27:49 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Documents\ProcAlyzer Dumps
[2014/04/16 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\RK_Quarantine
[2014/04/16 12:56:33 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Roaming\smkits
[2014/04/16 12:44:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/16 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2014/04/16 10:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2014/04/16 10:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
[2014/04/16 09:48:25 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Local\CrashDumps
[2014/04/15 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\AppData\Local\NPE
[2014/04/15 15:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/04/15 12:19:37 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\rkill
[2014/04/15 07:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2014/04/15 06:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/04/15 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/04/14 11:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Grep
[2014/04/14 11:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Grep
[2014/04/14 11:20:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/14 10:14:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/04/14 10:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/04/14 10:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/04/14 09:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/14 09:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/14 07:13:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/13 10:59:18 | 000,000,000 | ---D | C] -- C:\Users\t5403cg\Desktop\Maleware
[2014/04/02 07:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2014/04/02 06:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/02 06:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/31 06:38:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[22 C:\Users\t5403cg\Documents\*.tmp files -> C:\Users\t5403cg\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/17 05:58:48 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 05:58:48 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 05:52:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 05:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/17 05:49:04 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 05:45:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 15:44:07 | 000,639,391 | ---- | M] () -- C:\Users\t5403cg\Documents\Re_ Response Required_ Action Required - Oracle Java 7 Update 5 on SOLARIS Servers -Model Servers have been upgraded.pdf
[2014/04/16 13:30:11 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/16 12:46:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/16 12:44:34 | 006,131,177 | ---- | M] () -- C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml
[2014/04/16 12:44:33 | 001,091,415 | ---- | M] () -- C:\Users\t5403cg\Documents\Untitled.eml
[2014/04/16 10:26:35 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/04/15 15:26:35 | 000,006,591 | ---- | M] () -- C:\Users\t5403cg\Documents\test2.csv
[2014/04/15 15:24:12 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\dpmo.qnz
[2014/04/15 15:17:11 | 000,000,233 | ---- | M] () -- C:\Users\t5403cg\Documents\test.csv
[2014/04/14 10:22:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/14 10:22:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/12 12:14:34 | 000,001,484 | ---- | M] () -- C:\Users\t5403cg\Desktop\KL-Station.url
[2014/04/11 11:12:22 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/03 09:12:09 | 000,782,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:12:09 | 000,662,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/03 09:12:09 | 000,122,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/25 20:19:50 | 000,000,000 | ---- | M] () -- C:\t14s.2
[2014/03/25 20:19:50 | 000,000,000 | ---- | M] () -- C:\t14s.1
[2014/03/19 19:27:22 | 000,000,600 | ---- | M] () -- C:\Users\t5403cg\AppData\Roaming\winscp.rnd
[22 C:\Users\t5403cg\Documents\*.tmp files -> C:\Users\t5403cg\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/16 15:43:59 | 000,639,391 | ---- | C] () -- C:\Users\t5403cg\Documents\Re_ Response Required_ Action Required - Oracle Java 7 Update 5 on SOLARIS Servers -Model Servers have been upgraded.pdf
[2014/04/16 13:30:09 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/16 10:26:35 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2014/04/15 15:26:35 | 000,006,591 | ---- | C] () -- C:\Users\t5403cg\Documents\test2.csv
[2014/04/15 15:17:11 | 000,000,233 | ---- | C] () -- C:\Users\t5403cg\Documents\test.csv
[2014/03/25 20:19:50 | 000,000,000 | ---- | C] () -- C:\t14s.2
[2014/03/25 20:19:50 | 000,000,000 | ---- | C] () -- C:\t14s.1
[2013/12/09 17:53:25 | 000,000,600 | ---- | C] () -- C:\Users\t5403cg\AppData\Roaming\winscp.rnd
[2013/11/25 19:50:26 | 000,000,298 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/10/24 07:22:54 | 000,234,792 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/10/24 07:21:24 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/09/13 08:53:39 | 000,000,262 | ---- | C] () -- C:\Users\t5403cg\.serena.vm.applet.config
[2013/06/25 13:45:46 | 002,052,904 | R--- | C] () -- C:\Windows\SysWow64\XmlSpyLib.dll
[2013/05/13 07:42:49 | 000,000,600 | ---- | C] () -- C:\Users\t5403cg\AppData\Local\PUTTY.RND
[2013/04/10 08:13:46 | 000,103,832 | ---- | C] () -- C:\Users\t5403cg\GoToAssistDownloadHelper.exe
[2013/03/23 14:41:31 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/03/20 14:13:25 | 000,051,328 | RHS- | C] () -- C:\Users\t5403cg\ntuser.pol
[2013/03/08 11:50:22 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/03/06 19:43:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/03/06 19:43:34 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/03/06 19:43:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/03/06 19:43:28 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2013/03/06 17:28:59 | 000,776,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/06 16:56:58 | 000,005,750 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/07 03:22:18 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/07 03:22:18 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/07 03:22:18 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 23:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/03/20 14:15:55 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/19 07:26:50 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/08/19 07:26:50 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2014/04/15 15:37:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/03/07 03:10:54 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 23:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/03/07 03:11:29 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 23:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2014/04/15 15:37:10 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/11/16 13:24:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 23:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/07/15 07:18:23 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2010/11/20 23:24:25 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is B432-3C79
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\smeclnt
03/06/2013 04:57 PM <JUNCTION> Application Data [C:\Users\smeclnt\AppData\Roaming]
03/06/2013 04:57 PM <JUNCTION> Cookies [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Cookies]
03/06/2013 04:57 PM <JUNCTION> Local Settings [C:\Users\smeclnt\AppData\Local]
03/06/2013 04:57 PM <JUNCTION> My Documents [C:\Users\smeclnt\Documents]
03/06/2013 04:57 PM <JUNCTION> NetHood [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/06/2013 04:57 PM <JUNCTION> PrintHood [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/06/2013 04:57 PM <JUNCTION> Recent [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Recent]
03/06/2013 04:57 PM <JUNCTION> SendTo [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\SendTo]
03/06/2013 04:57 PM <JUNCTION> Start Menu [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Start Menu]
03/06/2013 04:57 PM <JUNCTION> Templates [C:\Users\smeclnt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\smeclnt\AppData\Local
03/06/2013 04:57 PM <JUNCTION> Application Data [C:\Users\smeclnt\AppData\Local]
03/06/2013 04:57 PM <JUNCTION> History [C:\Users\smeclnt\AppData\Local\Microsoft\Windows\History]
03/06/2013 04:57 PM <JUNCTION> Temporary Internet Files [C:\Users\smeclnt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\smeclnt\Documents
03/06/2013 04:57 PM <JUNCTION> My Music [C:\Users\smeclnt\Music]
03/06/2013 04:57 PM <JUNCTION> My Pictures [C:\Users\smeclnt\Pictures]
03/06/2013 04:57 PM <JUNCTION> My Videos [C:\Users\smeclnt\Videos]
0 File(s) 0 bytes
Directory of C:\Users\t5403cg
03/20/2013 02:12 PM <JUNCTION> Application Data [C:\Users\t5403cg\AppData\Roaming]
03/20/2013 02:12 PM <JUNCTION> Cookies [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Cookies]
03/20/2013 02:12 PM <JUNCTION> Local Settings [C:\Users\t5403cg\AppData\Local]
03/20/2013 02:12 PM <JUNCTION> My Documents [C:\Users\t5403cg\Documents]
03/20/2013 02:12 PM <JUNCTION> NetHood [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/20/2013 02:12 PM <JUNCTION> PrintHood [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/20/2013 02:12 PM <JUNCTION> Recent [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Recent]
03/20/2013 02:12 PM <JUNCTION> SendTo [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\SendTo]
03/20/2013 02:12 PM <JUNCTION> Start Menu [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Start Menu]
03/20/2013 02:12 PM <JUNCTION> Templates [C:\Users\t5403cg\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\t5403cg\AppData\Local
03/20/2013 02:12 PM <JUNCTION> Application Data [C:\Users\t5403cg\AppData\Local]
03/20/2013 02:12 PM <JUNCTION> History [C:\Users\t5403cg\AppData\Local\Microsoft\Windows\History]
03/20/2013 02:12 PM <JUNCTION> Temporary Internet Files [C:\Users\t5403cg\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\t5403cg\Documents
03/20/2013 02:12 PM <JUNCTION> My Music [C:\Users\t5403cg\Music]
03/20/2013 02:12 PM <JUNCTION> My Pictures [C:\Users\t5403cg\Pictures]
03/20/2013 02:12 PM <JUNCTION> My Videos [C:\Users\t5403cg\Videos]
0 File(s) 0 bytes
Directory of C:\Users\WINDIST
03/20/2013 03:35 PM <JUNCTION> Application Data [C:\Users\WINDIST\AppData\Roaming]
03/20/2013 03:35 PM <JUNCTION> Cookies [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Cookies]
03/20/2013 03:35 PM <JUNCTION> Local Settings [C:\Users\WINDIST\AppData\Local]
03/20/2013 03:35 PM <JUNCTION> My Documents [C:\Users\WINDIST\Documents]
03/20/2013 03:35 PM <JUNCTION> NetHood [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/20/2013 03:35 PM <JUNCTION> PrintHood [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/20/2013 03:35 PM <JUNCTION> Recent [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Recent]
03/20/2013 03:35 PM <JUNCTION> SendTo [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\SendTo]
03/20/2013 03:35 PM <JUNCTION> Start Menu [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Start Menu]
03/20/2013 03:35 PM <JUNCTION> Templates [C:\Users\WINDIST\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\WINDIST\AppData\Local
03/20/2013 03:35 PM <JUNCTION> Application Data [C:\Users\WINDIST\AppData\Local]
03/20/2013 03:35 PM <JUNCTION> History [C:\Users\WINDIST\AppData\Local\Microsoft\Windows\History]
03/20/2013 03:35 PM <JUNCTION> Temporary Internet Files [C:\Users\WINDIST\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\WINDIST\Documents
03/20/2013 03:35 PM <JUNCTION> My Music [C:\Users\WINDIST\Music]
03/20/2013 03:35 PM <JUNCTION> My Pictures [C:\Users\WINDIST\Pictures]
03/20/2013 03:35 PM <JUNCTION> My Videos [C:\Users\WINDIST\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 97,172,336,640 bytes free
< MD5 for: EXPLORER.EXE >
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 03:44:43 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:44:43 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.EXSD >
[2013/03/06 17:10:03 | 000,005,504 | ---- | M] () MD5=29D4E14DEA85C98938AEB04E25FFDB15 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.core_8.0.2.20100802-0849\schema\services.exsd
[2013/03/06 17:09:56 | 000,009,228 | ---- | M] () MD5=3E11E39EF022CF627D45877E2164168B -- C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.eclipse.source_6.2.2.20100710-0200\org.eclipse.ui_3.4.2.M20090204-0800\schema\services.exsd
< MD5 for: SERVICES.JS >
[2013/03/06 17:10:04 | 000,002,937 | ---- | M] () MD5=372EB6C70976BA31E0CE3B6F9BE58320 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.webapi_8.0.2.20100802-0849\services.js
[2013/03/06 17:11:29 | 000,002,937 | ---- | M] () MD5=372EB6C70976BA31E0CE3B6F9BE58320 -- C:\Notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.webapi_8.0.2.20110107-2231\services.js
< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2011/04/12 03:44:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:44:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:44:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:44:44 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.ZIP >
[2012/07/07 23:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Users\Public\Desktop\CC Support\Tools\ServicesRepair\Temp\Services.zip
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 478 bytes -> C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty
@Alternate Data Stream - 1406 bytes -> C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty
< End of report >
#21
Posted 17 April 2014 - 04:15 AM

No Extras Log was created
#22
Posted 17 April 2014 - 04:23 AM

BTW....since yesterday.....all of the side effects of the virus have been removed from the system.....so far, so good....!
#23
Posted 17 April 2014 - 10:42 AM

BTW....since yesterday.....all of the side effects of the virus have been removed from the system.....so far, so good....!
Awesome. Let's remove all the remnants now.

- Step 1
If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Copy and paste the following into the Custom Scans/Fixes box:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = nyproxy:80
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = njproxy:80
[2014/04/02 06:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
@Alternate Data Stream - 478 bytes -> C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty
@Alternate Data Stream - 1406 bytes -> C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty

:Files
C:\Windows\System32\sysprep\cryptbase.dll

:Commands
[emptytemp]
- Click Run Fix.
- OTL will reboot your system. Allow it by clicking OK.
- After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Step 2
Download 'aswMBR by avast!' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Once prompted to download the database, click No.
- Choose None for the AV Scan option.
- Press Scan. Once done, click Save Log and choose your desktop.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Step 3
Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
- Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
- Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):
- The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
- Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
- Select Uninstall application on close and click Finish.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Step 4
Download 'SecurityCheck by screen317' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- A black window will appear. Press any key to continue.
- Wait for it to finish. It won't take long.
- A log will automatically pop-up after once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):
- MMDDYYYY_HHMMSS.log (OTL)
- aswMBR.txt (aswMBR)
- log.txt (ESET Online Scan)
- checkup.txt (SecurityCheck)
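The ":OTL" lines of the fix in Step 1 reset the WinINet proxy values (ProxyEnable, ProxyServer, ProxyOverride) in HKU\.DEFAULT, HKU\S-1-5-18 and the logged-on user's hive, plus the IE DefaultScope. The script below is an added example, not code from this thread or from OTL: it walks every loaded hive under HKEY_USERS, reports those values (and AutoConfigURL, the PAC-file setting the OTL fix does not list but the same hijack vector), and with -Fix applies the same reset. It assumes an elevated 64-bit PowerShell 2.0 or later; the HKU: drive is mapped if the session lacks it.

```powershell
# Added example, not code from the thread or from OTL: list, and with -Fix clear,
# the WinINet proxy values in every loaded user hive. This is what the ":OTL"
# lines of the fix above do for HKU\.DEFAULT, HKU\S-1-5-18 and the user's SID.
# Assumes an elevated 64-bit PowerShell 2.0 or later; the HKU: drive is mapped
# here if the session does not have it.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Fix)   # report only unless -Fix is given

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$inetKey  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$scopeKey = 'Software\Microsoft\Internet Explorer\SearchScopes'

$findings = @()
foreach ($hive in (Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' })) {
    $sid = $hive.PSChildName
    $key = "HKU:\$sid\$inetKey"
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    $s = Get-ItemProperty -Path "HKU:\$sid\$scopeKey" -ErrorAction SilentlyContinue
    $findings += New-Object PSObject -Property @{
        Hive          = $sid
        Key           = $key
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        # length only: a hijacked ProxyOverride is usually a very long exception list
        OverrideLen   = ([string]$p.ProxyOverride).Length
        # PAC URL: not touched by the OTL fix above, but the same hijack vector
        AutoConfigURL = $p.AutoConfigURL
        DefaultScope  = $s.DefaultScope
    }
}

$findings | Format-Table Hive, ProxyEnable, ProxyServer, OverrideLen, AutoConfigURL, DefaultScope -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        if ($f.ProxyEnable -ne 1 -and -not $f.ProxyServer -and -not $f.AutoConfigURL) { continue }
        if ($PSCmdlet.ShouldProcess($f.Key, 'ProxyEnable=0; remove ProxyServer, ProxyOverride, AutoConfigURL')) {
            Set-ItemProperty -Path $f.Key -Name ProxyEnable -Value 0 -Type DWord
            foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
                Remove-ItemProperty -Path $f.Key -Name $name -ErrorAction SilentlyContinue
            }
        }
    }
}
```

Run it without -Fix first and read the table. A proxy that Group Policy sets (the listing above shows ntuser.pol files, so policy is applied on this machine) is reapplied at the next policy refresh, and clearing it can cut the machine off from the network, so confirm a ProxyServer value is not the organisation's before removing it. -Fix honours -WhatIf, so `.\proxy-audit.ps1 -Fix -WhatIf` shows which hives would be changed.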
#24
Posted 17 April 2014 - 11:28 AM

Can't get to the SecurityCheck software download... 404 error
#26
Posted 17 April 2014 - 11:41 AM

OTL Log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-8915387-1179330321-1947940980-1806\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\HitmanPro folder moved successfully.
ADS C:\Users\t5403cg\Documents\Untitled.eml:OECustomProperty deleted successfully.
ADS C:\Users\t5403cg\Documents\documentation for vendor mgt (ALERTS conversion) .eml:OECustomProperty deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\sysprep\cryptbase.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: smeclnt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: t5403cg
->Temp folder emptied: 7902871 bytes
->Temporary Internet Files folder emptied: 260443388 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3519 bytes
User: WINDIST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2335 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4009167 bytes
Total Files Cleaned = 260.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04172014_133324
Files\Folders moved on Reboot...
C:\Users\t5403cg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\etilqs_kv0RfHZtQH7jlEKhPJY5 not found!
File\Folder C:\Windows\temp\etilqs_kv0RfHZtQH7jlEKhPJY5-journal not found!
File\Folder C:\Windows\temp\nsd_tmp_2140.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
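The OTL fix log above shows the per-user WinINet proxy values (ProxyEnable, ProxyServer, ProxyOverride) being reset in each loaded HKU hive. The following script is an added example, not something posted in this thread or shipped with OTL: it audits those same values across every loaded user hive, plus AutoConfigURL (the PAC setting), and reports anything that is still active. It assumes an elevated PowerShell session on Windows so that all loaded HKEY_USERS hives are readable; the function name Get-ProxyFindings is my own.

```powershell
# Added example, not part of the thread: audit the per-user WinINet proxy values
# that the OTL fix reset (ProxyEnable/ProxyServer/ProxyOverride), plus
# AutoConfigURL, which a PAC-based redirect would use. Assumes an elevated
# PowerShell session on Windows so every loaded HKU hive is readable.
$valueNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-ProxyFindings {
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
        # The *_Classes hives never carry Internet Settings; skip them.
        if ($hive.PSChildName -like '*_Classes') { continue }
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $keyPath)) { continue }
        $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $data = $props.$name
            # A clean profile has ProxyEnable = 0 and the string values empty or absent.
            if ($null -eq $data -or "$data" -eq '') { continue }
            if ($name -eq 'ProxyEnable' -and [int]$data -eq 0) { continue }
            [pscustomobject]@{
                Hive  = $hive.PSChildName
                Value = $name
                Data  = $data
            }
        }
    }
}

$findings = @(Get-ProxyFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No proxy or PAC settings are active in any loaded user hive.'
} else {
    # Each hit needs review: a proxy or PAC URL the user never configured is a hijack indicator.
    $findings | Format-Table -AutoSize
}
```

Only hives that are currently loaded appear under HKEY_USERS (the .DEFAULT and S-1-5-18 hives are always present, as in the log; profiles of logged-off users are not), so run it from the affected account after a fresh logon, or load the other profiles' NTUSER.DAT hives first if the machine has several users.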
#27
Posted 17 April 2014 - 11:43 AM

BTW, "C:\Windows\System32\sysprep\cryptbase.dll not found" is NOT true; the file still exists on the system.
#28
Posted 17 April 2014 - 11:50 AM

ASW Log:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-17 13:48:12
-----------------------------
13:48:12.747 OS Version: Windows x64 6.1.7601 Service Pack 1
13:48:12.747 Number of processors: 4 586 0x2A07
13:48:12.762 ComputerName: CID-TDENZL403CG UserName: t5403cg
13:48:13.931 Initialize success
13:48:26.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:48:26.581 Disk 0 Vendor: WDC_WD16 02.0 Size: 152627MB BusType: 3
13:48:26.612 Disk 0 MBR read successfully
13:48:26.612 Disk 0 MBR scan
13:48:26.612 Disk 0 Windows 7 default MBR code found via API
13:48:26.612 Disk 0 unknown MBR code
13:48:26.612 Disk 0 MBR hidden
13:48:26.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 152625 MB offset 2048
13:48:26.628 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
13:48:26.628 Scan finished successfully
13:50:00.713 Disk 0 MBR has been saved successfully to "C:\Users\t5403cg\Desktop\Maleware\MBR.dat"
13:50:00.713 The log file has been saved successfully to "C:\Users\t5403cg\Desktop\Maleware\aswMBR.txt"
#29
Posted 17 April 2014 - 03:26 PM

Log from ESET:
C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\Websteroids.exe.vir a variant of MSIL/Adware.PullUpdate.D application cleaned by deleting - quarantined
C:\Program Files (x86)\RegistryNuke 2014\RegistryNuke.exe probably a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
C:\Users\t5403cg\AppData\Local\Google\Chrome\User Data\Default\Users\agipggolfbmkpbealnlhmehnhfbiimon\background.js Win32/TrojanDownloader.Tracur.AI trojan cleaned by deleting - quarantined
C:\Users\t5403cg\AppData\Local\Google\Chrome\User Data\Default\Users\agipggolfbmkpbealnlhmehnhfbiimon\cs.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\t5403cg\Desktop\Maleware\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\t5403cg\Desktop\Maleware\RN_ErrorsFix_Setup.exe probably a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
Edited by t5403cg, 17 April 2014 - 03:27 PM.
#30
Posted 17 April 2014 - 03:29 PM

Security Check Log:
Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
(NYL) Altova XMLSpy® 2013 rel. 2 sp2 Professional Edition
Malwarebytes Anti-Malware version 1.75.0.1300
(NYL) Java 6 Update 24
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
t5403cg Desktop Maleware SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````